There can be a whole slate of reasons why a small business doesn’t invest more in IT security: lack of people, money, time, etc. But here’s what may also be holding small businesses back – their managers.

One of the top challenges in ramping up security is getting management on board, according to a new survey from security solutions provider Sophos Ltd. and the Ponemon Institute, which studies privacy, data protection, and information security policy. In a poll of 2,000 employees working to secure the IT systems of their SMBs, a solid 58 per cent said they feel their managers just don’t see cyber attacks as a real risk.

To follow up on that, 44 per cent said they feel having a strong security posture just isn’t up there on their list of priorities.

Just like those running legitimate businesses, hackers and cyber-criminals alike will be making New Year's resolutions to improve their efficiency and hone their techniques to get a bigger impact for their efforts, according

Imagine this scenario – you’ve just discovered hackers have reached into your system, pulled your customers’ records, and cost you both your reputation and the business of some of your customers. So now

Another 42 per cent answered by saying their budget isn’t enough to support a full security posture, while 33 per cent said their organizations lack in-house expertise. More striking still, about 32 per cent of respondents said their CIO is responsible for making the final call on IT security priorities – but another 31 per cent said no one at their organization has that role.

(Image: Sophos and Ponemon). Challenges to an SMB’s IT security posture. Click to enlarge.

Many respondents also seemed to be unsure about whether their organization had been the victim of a cyber attack. While 42 per cent responded with a definite ‘yes,’ and 26 per cent said ‘no,’ another 33 per cent said they were unsure. However, overall respondents seemed more confident about answering whether their organization had suffered a data breach, losing sensitive information on customers, employees, or business partners, with 51 per cent saying yes.

(Image: Sophos and Ponemon). Click to enlarge.

Interestingly enough, only eight per cent of respondents said they don’t have enough people to manage their IT security – although that’s often a common refrain among small businesses.

Still, the study found despite any lingering concerns around security, respondents said they were still embracing shifts into cloud and mobile, adopting applications for these spaces in droves.

Forty per cent said they would ramp up the use of cloud applications and IT infrastructure services in the next year, while 37 per cent said their use would be about the same.

Right now, about 40 per cent of respondents said employees’ mobile devices are accessing business-critical applications, although 69 per cent expect that number to be even higher next year. And while cloud security wasn’t as big a concern among the respondents polled, half of them felt using mobile devices could weaken their organizations’ security postures.

Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.